The challenge for natas11 involves XOR encryption, and while I’m familiar with the idea, I can tell that one is actually going to take me a little time. I noticed that leviathan is only eight levels and ranked as a 1/10 difficulty, so I thought I’d give it a go and see if I could knock it out.

The actual listing on overthewire doesn’t have descriptions for the individual levels, so we’re not sure what to expect. When we log in as leviathan0, we’re met with an empty directory. Checking for hidden files, we see what looks like some pretty standard stuff except for the .backup dir. Lets head in there and see what we can find.

leviathan0@leviathan:~$ ls -asl
total 28
4 drwxr-xr-x 1 leviathan0 leviathan0 4096 Sep 14 01:15 .
4 drwxr-xr-x 1 root       root       4096 Sep 13 11:08 ..
4 drwxr-x--- 2 leviathan1 leviathan0 4096 Sep 13 11:08 .backup
4 -rw-r--r-- 1 leviathan0 leviathan0  220 Apr  9  2014 .bash_logout
4 -rw-r--r-- 1 leviathan0 leviathan0 3637 Apr  9  2014 .bashrc
4 drwx------ 2 leviathan0 leviathan0 4096 Sep 14 01:15 .cache
4 -rw-r--r-- 1 leviathan0 leviathan0  675 Apr  9  2014 .profile
leviathan0@leviathan:~$ cd  .backup/
leviathan0@leviathan:~/.backup$ ls
bookmarks.html
leviathan0@leviathan:~/.backup$

Bookmarks.html, huh? I tried manually scrolling through it, but there’s quite a bit of content here. Lets grep through it instead. Searching for the user name made the most sense.

leviathan0@leviathan:~/.backup$ grep leviathan bookmarks.html
<DT><A HREF="http://leviathan.labs.overthewire.org/passwordus.html | This will be fixed later, the password for leviathan1 is XXXXXXX" ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71">password to leviathan1</A>
leviathan0@leviathan:~/.backup$

There we go. First level is down.